How to Perform a Active Directory Health Check - Tools List with Options
This article will go over the most common steps that I perform when doing health checks on domain controllers. I get asked about what I do when performing a health check on a domain controller. Below you will see some of the commands that I use when I need to ensure my domain controllers are still healthy. The Event Viewer is always a must. I look at all the logs before and after the update to the domain controller looking for abnormal events. With the pre-check I usually go back a month of logs to get more historical data. I then run through a couple command line utilities.
One thing I like to do is pipe my commands out to a text document. This just makes it easier for me to read and also search for failed events.
1.Dcdiag.exe /v >> c:\temp\pre-dcdiag.txt. This is a must and will always tell you if there is trouble with your DCs and/or services associated with it
2.Netdiag.exe /v >> c:\temp\pre-netdiag.txt. This will let me know if there are issues with the networking components on the DC. This along with the post test also is a quick easy way to ensure the patch I just installed is really installed .
3.Netsh dhcp show server >> c:\temp\pre-dhcp.txt. Some may not do this but I've felt the pain of a DHCP server somehow not being authorized after a patch. This allows me verify the server count and names.
4.Repadmin /showreps >> c:\temp\pre-partners.txt. This shows all my replication and if it was successful or not. Just be aware that Global Catalogs will have more info here than a normal domain controller.
5 Download and run the Microsoft IT Environment Health Scanner.
http://www.microsoft.com/downloads/details.aspx?familyid=dd7a00df-1a5b-4fb6-a8a6-657a7968bd11&displaylang=en
After I run these five steps I update my server with any missing or needed changes. When it is done, I run the same five steps again to verify the changes have been applied.
One thing I like to do is pipe my commands out to a text document. This just makes it easier for me to read and also search for failed events.
1.Dcdiag.exe /v >> c:\temp\pre-dcdiag.txt. This is a must and will always tell you if there is trouble with your DCs and/or services associated with it
2.Netdiag.exe /v >> c:\temp\pre-netdiag.txt. This will let me know if there are issues with the networking components on the DC. This along with the post test also is a quick easy way to ensure the patch I just installed is really installed .
3.Netsh dhcp show server >> c:\temp\pre-dhcp.txt. Some may not do this but I've felt the pain of a DHCP server somehow not being authorized after a patch. This allows me verify the server count and names.
4.Repadmin /showreps >> c:\temp\pre-partners.txt. This shows all my replication and if it was successful or not. Just be aware that Global Catalogs will have more info here than a normal domain controller.
5 Download and run the Microsoft IT Environment Health Scanner.
http://www.microsoft.com/downloads/details.aspx?familyid=dd7a00df-1a5b-4fb6-a8a6-657a7968bd11&displaylang=en
After I run these five steps I update my server with any missing or needed changes. When it is done, I run the same five steps again to verify the changes have been applied.
Comments